Showing 1 - 17 of 17

Files Date: 2014-03-05

Ilch CMS 2.0 Cross Site Scripting
Posted Mar 5, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Ilch CMS version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-1944
MD5 | 420ff03fae255674a6f3b646bfacacb5

HP Security Bulletin HPSBMU02933 2
Posted Mar 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02933 2 - A potential security vulnerability has been identified with HP SiteScope's loadFileContents SOAP features. The vulnerabilities could be exploited to allow remote code execution, arbitrary file download and Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2013-4835, CVE-2013-6207
MD5 | 37d156877d8352a827a45f3d16890d62

WordPress Barclaycart Shell Upload
Posted Mar 5, 2014
Authored by eX-Sh1Ne

WordPress Barclaycart plugin suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 5fe9706e8fa7260df3c05e4cf938a398

HP Security Bulletin HPSBHF02965
Posted Mar 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02965 - A potential security vulnerability has been identified with HP Security Management System. The vulnerability could be remotely exploited to allow remote execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, remote, arbitrary
advisories | CVE-2013-6201
MD5 | 37125e85c86f8dfed89cb3fabc29a047

Open Supports 2.0 SQL Injection
Posted Mar 5, 2014
Authored by indoushka

Open Supports version 2.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6e0b716c2ef9bf7687d4d02c8e994eb9

HP Security Bulletin HPSBUX02973 SSRT101455
Posted Mar 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02973 SSRT101455 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424
MD5 | 3b0e1ab76d06683009951ce1d4e1d678

HP Security Bulletin HPSBUX02972 SSRT101454
Posted Mar 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02972 SSRT101454 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2013-5870, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5893, CVE-2013-5895, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5904, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0382, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416
MD5 | 5a91261fbb5bd1fbe6bc08050788299b

PHP Session Handling
Posted Mar 5, 2014
Authored by Jann Horn

PHP suffers from a user session hijacking vulnerability due to the way sessions are handled on the filesystem.

tags | advisory, php
MD5 | 061e6d4aafcdc6a0ecf9dcc43cd1679d

SFR BOX NB6-MAIN-R3.3.4 Cross Site Scripting
Posted Mar 5, 2014
Authored by alejandr0.w3b.p0wn3r

SFR ADSL/Fiber BOX version NB6-MAIN-R3.3.4 suffers from 39 cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2014-1599
MD5 | a4f46c1f77398737ebcbe3a7530a1eb6

Gentoo Linux Security Advisory 201403-01
Posted Mar 5, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201403-1 - Multiple vulnerabilities have been reported in Chromium and V8, the worst of which may allow execution of arbitrary code. Versions less than 33.0.1750.146 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-2906, CVE-2013-2907, CVE-2013-2908, CVE-2013-2909, CVE-2013-2910, CVE-2013-2911, CVE-2013-2912, CVE-2013-2913, CVE-2013-2915, CVE-2013-2916, CVE-2013-2917, CVE-2013-2918, CVE-2013-2919, CVE-2013-2920, CVE-2013-2921, CVE-2013-2922, CVE-2013-2923, CVE-2013-2925, CVE-2013-2926, CVE-2013-2927, CVE-2013-2928, CVE-2013-2931, CVE-2013-6621, CVE-2013-6622, CVE-2013-6623, CVE-2013-6624, CVE-2013-6625, CVE-2013-6626
MD5 | 6d06faa68b06ef65aa482461f42f0005

IPSet Bash Completion 2.5
Posted Mar 5, 2014
Authored by AllKind | Site sourceforge.net

ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.

Changes: Various bug fixes and inclusion of support for the new options "markmask", "forceadd" and the new set type "hash:ip,mark".
tags | tool, shell, firewall, bash
systems | linux, unix
MD5 | 3a0356654dff1f7d1ae4c95198936c41

Glambombworld PHP Clone Script Header Injection
Posted Mar 5, 2014
Authored by indoushka

Glambombworld PHP Clone Script suffers from a header injection vulnerability. Warning: viewing the demo site is not safe for work.

tags | exploit, php
MD5 | 9948e88ca4ca535074c8c8d11202eb50

Windows Escalate UAC Protection Bypass (In Memory Injection)
Posted Mar 5, 2014
Authored by David Kennedy, Ben Campbell, mitnick, mubix | Site metasploit.com

This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead of three separate binaries in the standard technique. However, it requires the correct architecture to be selected (use x64 for SYSWOW64 systems also).

tags | exploit, shell
systems | windows
MD5 | 9f6c9e7bd21e11fecd6f20bbb622ea44

ALLPlayer M3U Buffer Overflow
Posted Mar 5, 2014
Authored by Gabor Seljan, metacom, Mike Czumak | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in ALLPlayer 2.8.1, caused by a long string in a playlist entry. By persuading the victim to open a specially-crafted .M3U file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This Metasploit module has been tested successfully on Windows 7 SP1.

tags | exploit, remote, overflow, arbitrary
systems | windows, 7
advisories | OSVDB-98283
MD5 | d2791d7a5dcefb9b55da526000c67857

Red Hat Security Advisory 2014-0249-01
Posted Mar 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0249-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066
MD5 | da13bcd322e10714dfe9dca25317645e

Ubuntu Security Notice USN-2127-1
Posted Mar 5, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2127-1 - Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly handled certificate verification functions. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited with specially crafted certificates to view sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-0092
MD5 | eefd25789ab3cd0adff0d5b930267d74

Apache Cordova 2.9.0 File-Transfer Insecure Defaults
Posted Mar 5, 2014
Authored by Neil Bergman

The Cordova File-Transfer iOS plugin from Cordova versions 2.4.0 to 2.9.0 and the Cordova File-Transfer iOS standalone plugin (org.apache.cordova.file-transfer) versions 0.1.0 to 0.4.1 suffer from file-transfer insecure default settings.

tags | advisory
systems | ios
advisories | CVE-2014-0072
MD5 | 91984fade27131e55ea4cbb070e9bad3

© 2016 Packet Storm. All rights reserved.
